Security attack situation awareness based on massive log data mining

2022 5th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE) (2022)

Abstract
Security situation awareness usually uses massive log information to discover abnormal attacks based on basic user attributes, user behavioral actions and user interactions through machine learning and other methods. Considering that the interaction between users in security situation awareness is exactly the graph data structure to which graph neural networks are applicable, this paper proposes a graph neural network-based security situation awareness method for massive logs, by mining log data, extracting user features for aggregation, and finally predicting user behavior to achieve security situation awareness. Compared with traditional supervised or unsupervised learning algorithms, the graph structure built in this paper not only retains the information carried by the users themselves, but also retains the relationship features between users and users, and between users and servers. By mapping the relationships between users to homogeneous graphs and between users and servers to heterogeneous graphs, and introducing an attention mechanism to dynamically adjust the weights of neighboring nodes, the accuracy of graph neural network learning can be effectively improved.
Keywords
Graphical neural networks, security situation awareness, attention mechanisms, log analysis, data mining